Wireshark

Wireshark is one of the world's foremost network protocol analyzers, and is the standard in many parts of the industry. It is the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it it still under active development.

Wireshark has a rich feature set which includes the following:

• Standard three-pane packet browser
• Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
• Multi-interface: Along with a standard GUI, Wireshark includes TShark, a text-mode analyzer which is useful for remote capture, analysis, and scripting
• The most powerful display filters in the industry
• VoIP analysis
• Live capture and offline analysis are supported
• Read/write many different capture file formats: tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump-format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, Visual Networks' Visual UpTime and many others
• Capture files compressed with gzip can be decompressed on the fly
• Hundreds of protocols are supported, with more being added all the time
• Coloring rules can be applied to the packet list, which eases analysis

Bug fixes:

• The following vulnerabilities have been fixed:
• [1]wnpa-sec-2018-05 The IEEE 802.11 dissector could crash. [2]Bug 14442, [3]CVE-2018-7335
• [4]wnpa-sec-2018-06 Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors ([5]Bug 14444), along with the DICOM ([6]Bug 14411), DMP ([7]Bug 14408), LLTD ([8]Bug 14419), OpenFlow ([9]Bug 14420), RELOAD ([10]Bug 14445), RPCoRDMA ([11]Bug 14449), RPKI-Router ([12]Bug 14414), S7COMM ([13]Bug 14423), SCCP ([14]Bug 14413), Thread ([15]Bug 14428), Thrift ([16]Bug 14379), USB ([17]Bug 14421), and WCCP ([18]Bug 14412) dissectors were susceptible.
• [19]wnpa-sec-2018-07 The UMTS MAC dissector could crash. [20]Bug 14339, [21]CVE-2018-7334
• [22]wnpa-sec-2018-08 The DOCSIS dissector could crash. [23]Bug 14446, [24]CVE-2018-7337
• [25]wnpa-sec-2018-09 The FCP dissector could crash. [26]Bug 14374, [27]CVE-2018-7336
• [28]wnpa-sec-2018-10 The SIGCOMP dissector could crash. [29]Bug 14398, [30]CVE-2018-7320
• [31]wnpa-sec-2018-11 The pcapng file parser could crash. [32]Bug 14403, [33]CVE-2018-7420
• [34]wnpa-sec-2018-12 The IPMI dissector could crash. [35]Bug 14409, [36]CVE-2018-7417
• [37]wnpa-sec-2018-13 The SIGCOMP dissector could crash. [38]Bug 14410, [39]CVE-2018-7418
• [40]wnpa-sec-2018-14 The NBAP disssector could crash. [41]Bug 14443, [42]CVE-2018-7419
• Change placement of "double chevron" in Filter Toolbar to eliminate overlap. ([43]Bug 14121)
• AutoScroll does not work. ([44]Bug 14257)
• BOOTP/DHCP: malformed packet -> when user class option (77) is present. ([45]Bug 14312)
• GET MAX LUN wLength decoded as big-endian - USB Mass Storage. ([46]Bug 14360)
• Unable to create Filter Expression Button for a yellow filter. ([47]Bug 14369)
• Buildbot crash output: fuzz-2018-01-28-15874.pcap. ([48]Bug 14371)
• NetScaler RPC segmentation fault / stack overflow. ([49]Bug 14399)
• [oss-fuzz] #6028 RPC_NETLOGON: Direct-leak in g_malloc (generate_hash_key). ([50]Bug 14407)
• Newline "n" in packet list field increase line height for all rows. ([51]Bug 14424)
• ieee80211-radio.c preamble duration calculation not correct. ([52]Bug 14439)
• DIS: Malformed packet in SISO-STD-002 transmitter. ([53]Bug 14441)

Updated protocol support:

• ASN.1 BER, BOOTP/DHCP, DCE RPC NETLOGON, DICOM, DIS, DMP, DOCSIS, EPL, FCP, GSM A RR, HSRP, IAX2, IEEE 802.11, Infiniband, IPMI, IPv6, LDAP, LLTD, NBAP, NetScaler RPC, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, SIGCOMP, Thread, Thrift, TLS/SSL, UMTS MAC, USB, USB Mass Storage, and WCCP

New and updated capture file support:

• pcap pcapng